Dom0 Disaggregation

Dom0 Disaggregation

The Dom0 or control domain has traditionally been a monolithic privileged virtual machine. However, the original intention was for Dom0 to be carefully broken into several privileged service domains - termed Dom0 disaggregation. Qubes OS, OpenXT, Citrix XenClient, and Xoar have made the case for more disaggregation of Dom0 for purposes of better security, reliablity, isolation, and auditability.

In Practice

Qubes OS is similarly pursuing a disaggregated architecture for a desktop system.

The Citrix XenServer organization has made steps towards disaggregation, with the Windsor architecture project.

"Although domain 0 disaggregation is not new it is seldom used in practise and much of its use is focussed on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility."